- Man claims ex-girlfriend killed his dog after he broke up with her 3 Years Ago
- What are BitTorrent downloads and how do they work? 3 Years Ago
- ICE cuts the cord on real immigrant hotline after being featured in ‘Orange Is the New Black’ Today 10:49 AM
- The 10 best music podcasts for artist interviews and criticism in 2019 Today 10:41 AM
- How a socialist Twitch streamer landed in a feud with Dan Crenshaw Today 10:07 AM
- How to prepare for your fantasy football draft (and season) Today 9:00 AM
- Kit Harington is joining the MCU–and people are guessing which character he will play Today 8:48 AM
- How to live stream Juan Francisco Estrada vs. Dewayne Beamon Today 8:00 AM
- The 5 best free torrent clients you can download in 2019 Today 8:00 AM
- How to stream Saints vs. Jets in NFL preseason action Today 7:49 AM
- How to stream Chiefs vs. 49ers in NFL preseason action Today 7:36 AM
- How to live stream Bellator 225: Mitrione vs. Kharitonov Today 7:30 AM
- Alice Wetterlund draws insight from the last decade in ‘My Mama Is a Human and So Am I’ Today 7:00 AM
- How to stream the Cowboys vs. Texans NFL preseason showdown Today 7:00 AM
- How ‘Stranger Things’ is inspiring new waves of Dungeons and Dragons fans Today 6:00 AM
Two members of the Senate Armed Services Committee want the White House to clearly define what constitutes an act of war in cyberspace.
The Cyber Act of War Act, introduced on Tuesday by Sens. Angus King (I-Maine) and Mike Rounds (R-S.D.), would give President Barack Obama 180 days to send the House and Senate defense committees “a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States.”
The policy would need to consider “the ways in which the effects of a cyber attack may be equivalent to the effects of an attack using conventional weapons, including with respect to physical destruction or casualties,” as well as “intangible effects of significant scope, intensity, or duration.”
“By requiring the Administration to define what constitutes an act of war in the cyber domain, this legislation would help our government be better able to respond to cyber-attacks and deter malicious actors from launching them in the first place,” King said in a statement.
“Declaring a cyber attack an act of war could have similar, far-reaching consequences.”
International law strictly governs conduct during war, but cyberwar presents new challenges—including the difficulty of attributing digital attacks that can be routed through intermediary countries—that combine to make cyberspace a largely untested legal zone.
Michael Schmitt, an expert in cyber conflict and the lead author of the Tallinn Manual, a guide to the international law of cyberspace, noted that the international law of war’s three core terms—“use of force,” “armed attack,” and “armed conflict”—are all “highly technical and unsettled when applied to cyber ops.”
“Introducing a new term will only complicate matters,” Schmitt, who chairs the Stockton Center at the U.S. Naval War College, said in an email. He called the bill’s mandate to define cyberwar “interesting, but not horribly feasible.”
Timothy Edgar, a senior fellow at Brown University’s Watson Institute for International Studies and Public Affairs, agreed, calling the bill “a good first step” in an email but adding that “any definition would have to be rather general, given the technical and legal uncertainties.”
Still, said Edgar, who worked on cyber issues as President Obama’s first director of privacy at the National Security Council, “A dialogue between the executive branch and Congress about what cyber attacks should be considered ‘war’ is a useful one to have before a major cyber attack.”
Lawmakers have taken an increasingly active role in cyberspace policy oversight as countries like Russia, China, Iran, and North Korea have refined their offensive cyber operations and begun striking overseas targets.
After a Dec. 23 cyberattack on a Ukrainian power company plunged a significant portion of the country’s western region into darkness, U.S. and Ukrainian investigators identified malware linked to an ethnic Russian hacking group in the company’s networks.
The Ukrainian incident, the first confirmed use of a cyberattack to disrupt physical civilian infrastructure, prompted new worries about the vulnerabilities of U.S. critical infrastructure and led the Obama administration to warn American power companies to harden their systems.
The White House has tried to tamp down cyber tensions with its main rivals. President Obama reached a deal last September with Chinese President Xi Jinping that bars either country from pursuing cyber espionage for commercial purposes. But that deal does not cover political intrusions like the 2015 Office of Personnel Management data breach, which is widely believed to be the work of China’s cyber army.
Jason Healey, a senior research scholar in cyber conflict studies at Columbia University, said in an email that the two senators’ push for a clear definition amounted to “not a very useful bill or debate.”
“After all, there is no definition of what an ‘act of war’ is for any kind of kinetic conflict either,” Healey said. “An ‘act of war’ depends entirely on the circumstances as well as the decision of the head of government—it is not just a national security decision, but ultimately a political decision.”
Edgar expressed hope that the bill’s requirement to define cyberwar, as simplistic as it is, might at least prompt a careful examination of the policy shifts that occur in wartime.
“We are still living with the consequences of what it means to be in a ‘war’ on terrorism, both international and domestic,” he said. “Declaring a cyber attack an act of war could have similar, far-reaching consequences.”
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.